UNPKG

@passmarked/ssl

Version:

Rules that relate to checking the SSL configuration of each individual resolved server from the domain to ensure locked down config with the broadest compatibility

github.com/passmarked/ssl

passmarked/ssl

123 lines (85 loc) 2.8 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
const tls = require('tls'); const net = require('net'); const url = require('url'); const _ = require('underscore'); const moment = require('moment'); const async = require('async'); const fs = require('fs'); const Constants = require('../constants'); /** * Check the valid date of a certificate **/ module.exports = exports = function(payload, options, fn) { // pull out the params we can use var address = options.address; var client = options.client; var socket = options.client; // get the data var data = payload.getData(); // sanity check if(!client) return fn(null); // get the certificate var cert = client.getPeerCertificate(false); // just in case the peer does not provide a certificate ... if(!cert) return fn(null); // extra the params from our certificate var validFrom = null; var validTo = null; try { // try to parse the dates validFrom = moment(cert.valid_from, Constants.TLS_DATE_FORMAT); validTo = moment(cert.valid_to, Constants.TLS_DATE_FORMAT); } catch(err) {} // sanity check that we got our dates if(!validFrom) return fn(null); if(!validTo) return fn(null); // get the amount of valid days still remaining var days = validTo.diff(moment(), 'days'); // check if the certificate has expired already ? if(days <= 0) { // update the message if perhaps today var message = 'Certificate on $ expired $ days ago and should be renewed.'; var identifiers = [ address, -(days) ]; // check the date if(days == 0) { // reset message and identifiers message = 'Certificate on $ expires today, and should be renewed.'; identifiers = [ address ]; } // yeap add the rule payload.addRule({ message: 'Certificate has expired', key: 'expired', type: 'critical' }, { message: message, identifiers: identifiers }); // stop exec return fn(null); } else { // message to show in the sidebar var message = 'Server certificate on $ expires in $ days and should be renewed.'; var identifiers = [ address, days ]; var type = 'error'; // according to the length of days set the message if(days <= 14) { type = 'error'; } else if(days < 31) { // expired today type = 'warning'; } else return fn(null); // yeap add the rule payload.addRule({ message: 'SSL Certificate is about to expire', key: 'expire', type: type }, { display: 'text', message: message, identifiers: identifiers }); // finish return fn(null); } };